john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: Phase 2 kickoff materials & domain migration to agenticgovernance.digital

Browse source 
This commit completes Phase 2 preparation with comprehensive kickoff materials
and migrates all domain references from mysy.digital to agenticgovernance.digital.

New Phase 2 Documents:
- PHASE-2-PRESENTATION.md: 20-slide stakeholder presentation deck
- PHASE-2-EMAIL-TEMPLATES.md: Invitation templates for 20-50 soft launch users
- PHASE-2-KICKOFF-CHECKLIST.md: Comprehensive 12-week deployment checklist (200+ tasks)
- PHASE-2-PREPARATION-ADVISORY.md: Advisory on achieving world-class UI/UX

Domain Migration (mysy.digital → agenticgovernance.digital):
- Updated CLAUDE.md project instructions
- Updated README.md
- Updated all Phase 2 planning documents (ROADMAP, COST-ESTIMATES, INFRASTRUCTURE)
- Updated governance policies (TRA-OPS-0002, TRA-OPS-0003)
- Updated framework documentation (introduction.md)
- Updated implementation progress report

Phase 2 Status:
 Budget approved: $550 USD for 3 months, $100-150/month ongoing
 Timeline confirmed: Starting NOW
 All 5 TRA-OPS-* governance policies approved
 Infrastructure decisions finalized (OVHCloud VPS Essential)
 Domain registered: agenticgovernance.digital

Ready to Begin:
- Week 1: Infrastructure deployment (VPS, DNS, SSL)
- Week 5-8: AI features (Claude API, blog, media, case studies)
- Week 9-12: Testing, governance audit, soft launch (20-50 users)

Next Steps:
1. Provision OVHCloud VPS Essential (Singapore/Australia)
2. Configure DNS for agenticgovernance.digital
3. Generate secrets (JWT, MongoDB passwords)
4. Draft 3-5 initial blog posts (human-written)
5. Begin Week 1 infrastructure deployment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
TheFlow 2025-10-07 13:17:42 +13:00
parent 1bd4b32196
commit eba6dcf506
13 changed files with 2490 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CLAUDE.md
View file

@ -1,7 +1,7 @@
# Tractatus AI Safety Framework Website - Project Context
**Project Name:** Tractatus Website Platform
**Domain:** mysy.digital
**Domain:** agenticgovernance.digital
**Repository:** GitHub (primary) + Codeberg/Gitea (mirrors)
**Status:** Development - Phase 1 Implementation
**Created:** 2025-10-06
@ -655,7 +655,7 @@ ADMIN_EMAIL=john.stroh.nz@pm.me
**Not in Phase 1:**
- Production deployment (OVHCloud)
- Domain configuration (mysy.digital)
- Domain configuration (agenticgovernance.digital)
- ProtonBridge email integration
- Koha donations (Phase 3)
- Public launch

2
README.md
View file

@ -1,7 +1,7 @@
# Tractatus AI Safety Framework Website
**Status:** Development - Phase 1 Implementation
**Domain:** mysy.digital
**Domain:** agenticgovernance.digital
**Project Start:** 2025-10-06
---

2
docs/IMPLEMENTATION_PROGRESS_2025-10-07.md
View file

@ -434,7 +434,7 @@ This is the **first complete implementation of the Tractatus governance framewor
**Phase 3+ (Production):**
- OVHCloud hosting account
- Domain registration (mysy.digital)
- Domain registration (agenticgovernance.digital)
- ProtonBridge for email
- Stripe for Koha donations

2
docs/PHASE-2-COST-ESTIMATES.md
View file

@ -43,7 +43,7 @@
| Item | Cost (USD) | Notes |
|------|------------|-------|
| **Domain Registration** | $15-30/year | `mysy.digital` (if not already owned) |
| **Domain Registration** | $15-30/year | `agenticgovernance.digital` (if not already owned) |
| **SSL Certificate** | $0 | Let's Encrypt (free) |
| **Development Tools** | $0 | Open source (Git, Node.js, MongoDB) |
| **Migration Services** | $0 | Self-managed deployment |

547
docs/PHASE-2-EMAIL-TEMPLATES.md Normal file
View file

@ -0,0 +1,547 @@
# Phase 2 Soft Launch Email Templates
**Project**: Tractatus AI Safety Framework
**Phase**: 2 - Soft Launch Invitations
**Created**: 2025-10-07
**Purpose**: Invite 20-50 users to early access
**Domain**: agenticgovernance.digital
---
## Table of Contents
1. [Invitation Strategy](#invitation-strategy)
2. [Template A: Researcher Invitation](#template-a-researcher-invitation)
3. [Template B: Implementer Invitation](#template-b-implementer-invitation)
4. [Template C: Advocate Invitation](#template-c-advocate-invitation)
5. [Template D: General Invitation](#template-d-general-invitation)
6. [Follow-Up Templates](#follow-up-templates)
7. [Feedback Request Template](#feedback-request-template)
---
## Invitation Strategy
### Target Cohort (20-50 users)
| Audience | Count | Criteria |
|----------|-------|----------|
| **Researchers** | 8-12 | AI safety academics, PhD students, technical researchers |
| **Implementers** | 8-12 | AI engineers, architects, open-source developers |
| **Advocates** | 4-6 | AI policy professionals, digital rights organizations |
| **Total** | 20-30 | Quality over quantity for soft launch |
### Invitation Timing
**Week 10-11** (Phase 2 Month 3):
- All features deployed and tested
- Initial blog content published (3-5 posts)
- Case studies seeded (3-5 examples)
- System stable (monitoring confirms)
### Personalization
**Always include**:
- Recipient's name (first name friendly)
- Reason for invitation (specific to their work/interest)
- Personal note from John Stroh (when possible)
---
## Template A: Researcher Invitation
**Subject**: Early Access: Tractatus AI Safety Framework (Soft Launch)
---
**Email Body**:
Hi [First Name],
I'm reaching out to invite you to the soft launch of the **Tractatus AI Safety Framework** platform at **agenticgovernance.digital**.
**Why this might interest you:**
You've published extensively on [specific topic: AI alignment, constitutional AI, etc.], and the Tractatus framework offers a complementary approach through **architectural constraints** rather than behavioral alignment. I think you'd find the framework's core principle particularly relevant:
> *"What cannot be systematized must not be automated."*
**What is Tractatus?**
Tractatus is the world's first production implementation of AI safety through architectural boundaries. Instead of hoping AI systems "behave correctly," we implement structural guarantees that certain decision types (values, ethics, agency) architecturally require human judgment.
Think of it as runtime enforcement of the principle: *The limits of automation are the limits of systemization.*
**What's on the platform:**
- **Technical documentation**: Full framework specification, formal proofs, architectural diagrams
- **Interactive demonstrations**: See how boundary enforcement prevents the documented "27027 incident" (instruction override failure)
- **Case studies**: Real-world AI failures analyzed through the Tractatus lens
- **Research papers**: Appendices on scholarly context, related work, theoretical foundations
**Why early access?**
We're inviting 20-30 researchers, implementers, and advocates to provide feedback before public launch. Your insights on [specific aspect: theoretical foundations, empirical validation, etc.] would be invaluable.
**Access details:**
- Platform: https://agenticgovernance.digital
- Duration: 4-6 weeks (feedback period)
- What we need: 15-minute feedback survey + optional follow-up discussion
- Anonymity: Your feedback can be anonymous if preferred
**Getting started:**
1. Visit https://agenticgovernance.digital/researcher
2. Explore the framework documentation
3. Try the interactive demos (especially the 27027 incident visualizer)
4. Share your thoughts via the feedback form
**Questions?**
Reply to this email or reach me at john.stroh.nz@pm.me. I'm happy to schedule a brief discussion if you'd like to dive deeper.
**Citation & Attribution:**
If you reference the framework in your work, please cite:
> Stroh, J. (2025). Tractatus-Based LLM Architecture for AI Safety. agenticgovernance.digital
Thank you for considering this invitation. I'm genuinely curious to hear your perspective—especially any critical feedback or alternative approaches.
Best regards,
**John Stroh**
Founder, Tractatus Framework
agenticgovernance.digital
P.S. The platform itself is governed by the Tractatus framework (dogfooding). All AI-assisted content (blog posts, media responses) requires human approval. No values decisions are automated.
---
**Attachments** (optional):
- Tractatus_Framework_Executive_Summary.pdf
- 27027_Incident_Case_Study.pdf
---
## Template B: Implementer Invitation
**Subject**: Invitation: Test-Drive the Tractatus AI Safety Framework
---
**Email Body**:
Hi [First Name],
I saw your work on [specific project: open-source LLM tool, AI safety library, etc.] and thought you'd appreciate a hands-on look at the **Tractatus AI Safety Framework**.
**What is it?**
Tractatus is an architectural AI safety framework that enforces runtime constraints on LLM operations. It's not about prompting or fine-tuning—it's about **structural boundaries** that prevent certain classes of failures regardless of model capabilities.
**The core idea:**
Instead of hoping AI systems stay aligned, we implement architectural checks that certain decision types (values, ethics, ambiguous instructions) **cannot be executed** without human approval.
**Example: The "27027 Incident"**
User explicitly instructs: *"Use MongoDB on port 27017"*
AI generates code: `const PORT = 27027; // Pattern-matched, wrong!`
**Tractatus solution:**
```javascript
const validator = new CrossReferenceValidator();
const action = { port: 27027 };
const instruction = { port: 27017, persistence: 'HIGH' };
const result = validator.validate(action, instruction);
// result.status: 'REJECTED'
// result.reason: 'Conflicts with explicit instruction #42'
```
**Why early access?**
We're soft-launching to 20-30 users (researchers, developers, advocates) and would love your feedback on:
- API design & developer experience
- Integration patterns (how would you use this in production?)
- Performance considerations
- Documentation clarity
**What's available:**
- **Implementation guide**: https://agenticgovernance.digital/implementer
- **API reference**: Full REST API documentation with examples
- **Code examples**: Production-ready snippets for 5 framework components
- **Interactive demos**: See boundary enforcement in action
**Getting started:**
1. Visit https://agenticgovernance.digital/implementer
2. Review the implementation guide (step-by-step integration)
3. Try the API (read-only access, no auth required for demos)
4. Share feedback: What would you change? What's missing?
**Feedback incentive:**
We're considering open-sourcing the framework (Phase 3). Your input will directly shape the public API design. Plus, early contributors will be acknowledged in the project README.
**Technical specs:**
- Node.js 18+, Express 4.x, MongoDB 7.x
- Designed for middleware integration (plug into existing apps)
- Zero external dependencies (except optional Claude API)
- MIT License (planned)
**Questions?**
Reply to this email or ping me at john.stroh.nz@pm.me. I'm happy to jump on a call to discuss technical details.
Thanks for considering! Looking forward to your thoughts.
Best,
**John Stroh**
Founder, Tractatus Framework
agenticgovernance.digital
P.S. The framework is TypeScript-friendly (type definitions coming in v1.1).
---
**Attachments** (optional):
- Tractatus_API_Quick_Start.pdf
- Integration_Patterns_Guide.pdf
---
## Template C: Advocate Invitation
**Subject**: Join the Soft Launch: AI Safety Through Sovereignty
---
**Email Body**:
Hi [First Name],
I've been following your work on [specific advocacy: digital rights, AI policy, ethical tech] and wanted to invite you to explore the **Tractatus AI Safety Framework**—a new approach to AI safety grounded in **human sovereignty**.
**The core principle:**
> *"What cannot be systematized must not be automated."*
This means: AI systems should not make decisions involving values, ethics, or human agency. Those decisions are inherently unsystemizable and must remain with humans.
**Why this matters for advocacy:**
Current AI safety approaches (alignment, RLHF, constitutional AI) try to encode values into AI systems. But values are contested, contextual, and evolving. **Tractatus offers an alternative**: architectural constraints that ensure AI defers to humans for values-laden decisions.
**Think of it as:**
- **Digital sovereignty** applied to AI governance
- **Bounded automation**: AI does what it's good at; humans decide what matters
- **Structural safety**: Not "teach AI to be good" but "prevent AI from deciding what 'good' means"
**Real-world example: Media inquiry handling**
Without Tractatus:
- AI classifies inquiry, drafts response, **sends email automatically**
- Risk: AI makes judgment call on what deserves a response (values decision)
With Tractatus:
- AI classifies inquiry, drafts response, **human approves before sending**
- Boundary enforced: External communication requires human judgment
**What's on the platform:**
- **Plain-language explanations**: No PhD required (but technical details available)
- **Case studies**: Real-world AI failures analyzed for policy lessons
- **Interactive demos**: See how boundary enforcement prevents harmful automation
- **Advocacy toolkit**: Policy implications, regulatory alignment, talking points
**Why early access?**
We're inviting 20-30 people (researchers, developers, advocates) to shape the public launch. Your perspective on [specific area: policy implications, user agency, regulatory fit] would be invaluable.
**Getting started:**
1. Visit https://agenticgovernance.digital/advocate
2. Read "AI Safety as Human Sovereignty" (5-minute intro)
3. Explore case studies (real incidents where Tractatus would help)
4. Share feedback: How can we better communicate this to policymakers?
**Feedback we need:**
- Is the message clear for non-technical audiences?
- What policy implications are we missing?
- How would you explain this to [regulators, journalists, public]?
- What concerns or objections should we address?
**Your voice matters:**
This isn't just a technical project—it's a vision for AI governance that respects human agency. We need advocates like you to help shape the narrative and ensure it serves the public interest.
**Questions?**
Reply to this email or reach me at john.stroh.nz@pm.me. I'd love to discuss how this framework aligns (or doesn't!) with your advocacy goals.
Thank you for considering this invitation. Looking forward to your insights.
Best regards,
**John Stroh**
Founder, Tractatus Framework
agenticgovernance.digital
P.S. The framework acknowledges Te Tiriti o Waitangi and indigenous data sovereignty principles (CARE). Digital sovereignty is universal, but implementation must respect local context.
---
**Attachments** (optional):
- Tractatus_Policy_Brief.pdf
- AI_Safety_as_Sovereignty_Essay.pdf
---
## Template D: General Invitation
**Subject**: You're Invited: Tractatus AI Safety Framework (Soft Launch)
---
**Email Body**:
Hi [First Name],
I'm excited to invite you to the soft launch of **agenticgovernance.digital**, a new platform demonstrating AI safety through architectural constraints.
**Quick intro:**
The **Tractatus Framework** is the world's first production implementation of runtime boundary enforcement for AI systems. Core principle:
> *"What cannot be systematized must not be automated."*
In practice: AI systems must defer to humans for decisions involving values, ethics, or ambiguity. This is enforced architecturally (not behaviorally).
**What you'll find:**
- **Documentation**: Full framework specification
- **Demos**: Interactive visualizations of boundary enforcement
- **Blog**: AI safety insights, case studies, technical deep dives
- **Community**: Case study submissions, discussions (coming soon)
**Why early access?**
We're inviting 20-30 people for feedback before public launch. Your perspective would help us:
- Improve clarity (is the framework understandable?)
- Identify gaps (what's missing?)
- Refine messaging (how do we explain this to different audiences?)
**Getting started:**
Visit: https://agenticgovernance.digital
Choose your path:
- **Researcher**: Academic & technical depth
- **Implementer**: Code examples & API docs
- **Advocate**: Policy implications & plain language
**Feedback:**
After exploring, please share your thoughts via the feedback form (15 minutes). Optional: I'm happy to schedule a follow-up discussion.
**Questions?**
Reply to this email or contact me at john.stroh.nz@pm.me.
Thanks for your time and interest. Looking forward to hearing from you!
Best,
**John Stroh**
Founder, Tractatus Framework
agenticgovernance.digital
---
## Follow-Up Templates
### Template E: Reminder (1 Week After Invitation)
**Subject**: Reminder: Tractatus Soft Launch Feedback
---
Hi [First Name],
Quick follow-up on my invitation to explore the Tractatus AI Safety Framework at **agenticgovernance.digital**.
No pressure—just wanted to make sure the email didn't get lost in your inbox!
**Quick access:**
- Platform: https://agenticgovernance.digital/[researcher|implementer|advocate]
- Feedback form: 15 minutes
- Deadline: [Date - 3 weeks from invitation]
If you're not interested or too busy, no worries—just let me know and I'll stop bothering you. 😊
Thanks,
**John Stroh**
---
### Template F: Thank You (After Feedback Received)
**Subject**: Thank you for your Tractatus feedback!
---
Hi [First Name],
Thank you for taking the time to explore agenticgovernance.digital and share your feedback!
**Your insights:**
[Personalized response to their specific feedback points]
**What's next:**
We're incorporating feedback from all early users and will share an updated roadmap in [timeframe]. If you're interested, I'll keep you posted on:
- Public launch (Phase 3)
- Open-source release
- Community features (forums, discussions)
**Stay in touch?**
Would you like to stay updated on the project? I can add you to our low-volume newsletter (1 email/month, unsubscribe anytime).
Thanks again for your thoughtful input. It's genuinely helpful.
Best,
**John Stroh**
---
### Template G: Non-Responder Follow-Up (2 Weeks After Reminder)
**Subject**: Last call: Tractatus feedback (no worries if too busy!)
---
Hi [First Name],
Final follow-up on the Tractatus soft launch invitation.
I know inboxes are overwhelming, so no hard feelings if you're not interested or don't have time!
If you *are* interested but haven't had a chance yet, the feedback window is open for [X more days].
Otherwise, I'll assume it's not a priority and won't bother you further. 😊
Thanks for considering it!
Best,
**John Stroh**
---
## Feedback Request Template
### Template H: Structured Feedback Survey (Google Form or TypeForm)
**Survey Link**: [To be created]
**Questions** (15 minutes estimated):
**Section 1: Background**
1. Which audience path did you explore? (Researcher / Implementer / Advocate / All)
2. How would you describe your background? (Academia / Industry / Policy / Other)
3. How did you learn about Tractatus? (Email invitation / Other)
**Section 2: Clarity**
4. How clear is the framework's core principle? (1-5 scale)
5. What was confusing or unclear? (Open text)
6. What was most interesting or valuable? (Open text)
**Section 3: Content**
7. Which sections did you explore? (Check all: Docs, Demos, Blog, API Reference)
8. What's missing that you expected to find? (Open text)
9. How useful are the interactive demos? (1-5 scale)
**Section 4: Technical (If Applicable)**
10. Would you consider integrating Tractatus into your work? (Yes / Maybe / No / N/A)
11. What technical concerns or barriers do you see? (Open text)
**Section 5: Messaging**
12. How would you explain Tractatus to a colleague? (Open text)
13. What's the strongest argument for this approach? (Open text)
14. What's the strongest argument against this approach? (Open text)
**Section 6: Overall**
15. Overall satisfaction with the platform? (1-5 scale)
16. Would you recommend Tractatus to others? (Yes / Maybe / No)
17. Any other feedback or suggestions? (Open text)
**Section 7: Follow-Up**
18. Can we follow up with you for clarification? (Yes / No)
19. Would you like updates on the public launch? (Yes / No)
20. Email for follow-up: (Optional)
---
## Invitation Checklist
### Before Sending Invitations
- [ ] Platform stable (agenticgovernance.digital live and tested)
- [ ] Blog content published (3-5 initial posts)
- [ ] Case studies seeded (3-5 examples)
- [ ] Feedback survey created (Google Form or TypeForm)
- [ ] Recipient list finalized (20-30 users across 3 audiences)
### Sending Process
- [ ] Personalize each email (name, reason for invitation, specific detail)
- [ ] Send from john.stroh.nz@pm.me (personal, not automated)
- [ ] BCC all recipients (privacy)
- [ ] Track responses (spreadsheet: Invited, Responded, Feedback Received)
- [ ] Schedule reminders (1 week, 2 weeks)
### After Launch
- [ ] Monitor feedback form responses daily
- [ ] Respond to all feedback within 48 hours (thank you notes)
- [ ] Compile feedback themes weekly
- [ ] Iterate on platform based on insights
- [ ] Share summary report with all participants (transparency)
---
## Metrics to Track
### Response Rates
| Metric | Target | Actual |
|--------|--------|--------|
| **Invitation sent** | 30 | - |
| **Email opened** | 70% (21) | - |
| **Platform visited** | 50% (15) | - |
| **Feedback submitted** | 30% (9) | - |
### Satisfaction
| Metric | Target | Actual |
|--------|--------|--------|
| **Overall satisfaction** | 4+/5 | - |
| **Would recommend** | 70% Yes | - |
| **Critical feedback** | <30% | - |
---
## Revision History
| Date | Version | Changes |
|------|---------|---------|
| 2025-10-07 | 1.0 | Initial email templates for Phase 2 soft launch |
---
**Document Owner**: John Stroh
**Last Updated**: 2025-10-07
**Next Review**: After soft launch (Week 12)

34
docs/PHASE-2-INFRASTRUCTURE-PLAN.md
View file

@ -41,7 +41,7 @@
┌────────▼────────┐
│ OVHCloud VPS │ (Ubuntu 22.04 LTS)
mysy.digital │
agenticgovernance.digital │
└────────┬────────┘
┌────────────┴────────────┐
@ -414,9 +414,9 @@ CLAUDE_MAX_TOKENS=200000
# Email (ProtonBridge)
SMTP_HOST=127.0.0.1
SMTP_PORT=1025
SMTP_USER=contact@mysy.digital
SMTP_USER=contact@agenticgovernance.digital
SMTP_PASSWORD=<protonbridge_password>
SMTP_FROM=contact@mysy.digital
SMTP_FROM=contact@agenticgovernance.digital
# Admin
ADMIN_EMAIL=john.stroh.nz@pm.me
@ -477,7 +477,7 @@ sudo nano /etc/systemd/system/tractatus.service
```ini
[Unit]
Description=Tractatus AI Safety Framework
Documentation=https://mysy.digital/docs
Documentation=https://agenticgovernance.digital/docs
After=network.target mongod.service
[Service]
@ -540,7 +540,7 @@ upstream tractatus_app {
server {
listen 80;
listen [::]:80;
server_name mysy.digital www.mysy.digital;
server_name agenticgovernance.digital www.agenticgovernance.digital;
# Let's Encrypt verification
location /.well-known/acme-challenge/ {
@ -557,12 +557,12 @@ server {
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mysy.digital www.mysy.digital;
server_name agenticgovernance.digital www.agenticgovernance.digital;
# SSL certificates (Let's Encrypt)
ssl_certificate /etc/letsencrypt/live/mysy.digital/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysy.digital/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mysy.digital/chain.pem;
ssl_certificate /etc/letsencrypt/live/agenticgovernance.digital/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/agenticgovernance.digital/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/agenticgovernance.digital/chain.pem;
# SSL configuration (Mozilla Intermediate)
ssl_protocols TLSv1.2 TLSv1.3;
@ -672,7 +672,7 @@ sudo systemctl reload nginx
```bash
# Obtain SSL certificate
sudo certbot --nginx -d mysy.digital -d www.mysy.digital
sudo certbot --nginx -d agenticgovernance.digital -d www.agenticgovernance.digital
# Follow prompts:
# - Enter email: john.stroh.nz@pm.me
@ -830,7 +830,7 @@ sudo nano /usr/local/bin/tractatus-healthcheck.sh
#!/bin/bash
# Healthcheck endpoint
URL="https://mysy.digital/health"
URL="https://agenticgovernance.digital/health"
# Check if site is up
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" $URL)
@ -942,7 +942,7 @@ mongorestore --db tractatus_prod /tmp/YYYYMMDD/tractatus_prod
5. **Verify**:
```bash
curl https://mysy.digital/health
curl https://agenticgovernance.digital/health
```
**RTO** (Recovery Time Objective): <4 hours
@ -1020,7 +1020,7 @@ ls -l /var/www/tractatus/.env.production
### Pre-Deployment
- [ ] OVHCloud VPS provisioned (Essential tier)
- [ ] Domain registered (mysy.digital)
- [ ] Domain registered (agenticgovernance.digital)
- [ ] Cloudflare account created (optional)
- [ ] DNS configured (A/AAAA records pointing to server)
- [ ] SSH key generated and added to server
@ -1089,10 +1089,10 @@ ls -l /var/www/tractatus/.env.production
### Testing
- [ ] Homepage loads: https://mysy.digital/
- [ ] API health check: https://mysy.digital/health
- [ ] Document viewer: https://mysy.digital/docs-viewer.html
- [ ] Admin login: https://mysy.digital/admin/login.html
- [ ] Homepage loads: https://agenticgovernance.digital/
- [ ] API health check: https://agenticgovernance.digital/health
- [ ] Document viewer: https://agenticgovernance.digital/docs-viewer.html
- [ ] Admin login: https://agenticgovernance.digital/admin/login.html
- [ ] Static assets loading (CSS, JS)
- [ ] CSP compliance (no console errors)
- [ ] Mobile responsiveness (test on phone)

769
docs/PHASE-2-KICKOFF-CHECKLIST.md Normal file
View file

@ -0,0 +1,769 @@
# Phase 2 Kickoff Checklist
**Project**: Tractatus AI Safety Framework
**Phase**: 2 - Production Deployment & AI Features
**Duration**: 2-3 months (12 weeks)
**Status**: APPROVED - Ready to Execute
**Domain**: agenticgovernance.digital
---
## Overview
This checklist provides a step-by-step guide for executing Phase 2 deployment. Complete each section sequentially to ensure smooth deployment and avoid missing critical steps.
**Color Coding**:
- ✅ Complete
- 🔄 In Progress
- ⏳ Pending (blocked or scheduled for later)
- ❌ Not Started
---
## Pre-Kickoff (Week 0)
### Administrative Setup
- [ ] **Sign TRA-OPS-* Governance Documents**
- TRA-OPS-0001: AI Content Generation Policy
- TRA-OPS-0002: Blog Editorial Guidelines
- TRA-OPS-0003: Media Inquiry Response Protocol
- TRA-OPS-0004: Case Study Moderation Standards
- TRA-OPS-0005: Human Oversight Requirements
- **Action**: Add digital signature or email confirmation to John Stroh
- [ ] **Budget Approval Documentation**
- Phase 2 total: $550 USD (~$900 NZD)
- Monthly ongoing: $100-150 USD
- **Action**: Document approval (email, spreadsheet, or formal doc)
- [ ] **Payment Methods Setup**
- OVHCloud account created
- Payment method added (credit card or PayPal)
- Anthropic account created (for Claude API)
- Payment method added to Anthropic
- **Action**: Verify both accounts have valid payment methods
---
### Account Creation
- [ ] **OVHCloud Account**
- Account created: ___________
- Email verified: ___________
- 2FA enabled: ___________
- **Login**: Save credentials securely (password manager)
- [ ] **Anthropic Claude API Account**
- Account created: ___________
- Email verified: ___________
- Production API key generated: ___________
- **Security**: Store API key in password manager (NEVER commit to Git)
- [ ] **Domain Configuration**
- Domain: agenticgovernance.digital ✅ (already registered)
- Registrar: OVHCloud ✅
- Auto-renewal enabled: ___________
- Registrar lock enabled: ___________
---
### Security Preparation
- [ ] **SSH Key Generation**
- Generate ED25519 key: `ssh-keygen -t ed25519 -C "tractatus-deploy"`
- Key location: `~/.ssh/tractatus_ed25519`
- Public key copied: `~/.ssh/tractatus_ed25519.pub`
- **Action**: Save private key securely, NEVER share
- [ ] **Secret Generation**
- JWT_SECRET (64 chars): `node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"`
- MongoDB password (32 chars): `node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"`
- **Action**: Store in password manager, ready for .env.production
- [ ] **Email Configuration**
- ProtonMail account: john.stroh.nz@pm.me ✅ (existing)
- ProtonBridge installed: ___________
- SMTP credentials ready: ___________
---
## Week 1: Infrastructure Setup
### Day 1-2: Server Provisioning
- [ ] **Provision OVHCloud VPS**
- Login to OVHCloud control panel
- Select: VPS Essential (2 vCore, 4GB RAM, 80GB SSD)
- Region: Singapore or Australia (preferred)
- OS: Ubuntu 22.04 LTS
- Generate root password (save securely)
- Provision server (5-10 minutes)
- **Server IP**: ___.___.___.___
- [ ] **Initial Server Access**
- SSH to server as root: `ssh root@<server_ip>`
- Update system: `apt update && apt upgrade -y`
- Verify Ubuntu version: `lsb_release -a` (should be 22.04)
- [ ] **Create Non-Root User**
- Create user: `adduser tractatus`
- Add to sudo: `usermod -aG sudo tractatus`
- Set up SSH dir: `mkdir -p /home/tractatus/.ssh && chmod 700 /home/tractatus/.ssh`
- Copy public key: `ssh-copy-id tractatus@<server_ip>`
- Test login: `ssh tractatus@<server_ip>`
- **Verify**: Can login as tractatus with SSH key
### Day 3: Security Hardening
- [ ] **SSH Hardening**
- Edit config: `sudo nano /etc/ssh/sshd_config`
- Set: `PermitRootLogin no`
- Set: `PasswordAuthentication no`
- Set: `PubkeyAuthentication yes`
- Set: `AllowUsers tractatus`
- Restart SSH: `sudo systemctl restart sshd`
- **Test**: Try SSH as root (should FAIL)
- [ ] **Firewall Setup (UFW)**
- Allow SSH from your IP: `sudo ufw allow from <your_ip> to any port 22`
- Allow HTTP: `sudo ufw allow 80/tcp`
- Allow HTTPS: `sudo ufw allow 443/tcp`
- Enable: `sudo ufw enable`
- Verify: `sudo ufw status verbose`
- **Check**: Port 22 restricted, 80/443 open
- [ ] **Fail2ban Installation**
- Install: `sudo apt install -y fail2ban`
- Copy config: `sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local`
- Enable SSH jail: Edit `/etc/fail2ban/jail.local`, set `[sshd] enabled = true`
- Restart: `sudo systemctl restart fail2ban`
- Verify: `sudo fail2ban-client status`
- [ ] **Automatic Security Updates**
- Install: `sudo apt install -y unattended-upgrades`
- Configure: `sudo dpkg-reconfigure -plow unattended-upgrades` (select Yes)
- Verify: `cat /etc/apt/apt.conf.d/20auto-upgrades`
### Day 4-5: Application Stack Installation
- [ ] **Install Node.js 18 LTS**
- Add repository: `curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -`
- Install: `sudo apt install -y nodejs`
- Verify: `node --version` (should be v18.x.x)
- Verify: `npm --version` (should be 9.x.x or higher)
- [ ] **Install MongoDB 7.x**
- Add GPG key: `curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/mongodb-server-7.0.gpg`
- Add repository: `echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list`
- Update: `sudo apt update`
- Install: `sudo apt install -y mongodb-org`
- Start: `sudo systemctl start mongod`
- Enable: `sudo systemctl enable mongod`
- Verify: `mongosh --eval 'db.version()'` (should be 7.0.x)
- [ ] **Install Nginx**
- Install: `sudo apt install -y nginx`
- Start: `sudo systemctl start nginx`
- Enable: `sudo systemctl enable nginx`
- Verify: `curl http://<server_ip>` (should see "Welcome to nginx")
- [ ] **Install Additional Tools**
- Install: `sudo apt install -y git curl wget vim htop certbot python3-certbot-nginx`
- Verify Git: `git --version`
- Verify Certbot: `certbot --version`
---
## Week 2: Application Deployment
### Day 6-7: DNS Configuration
- [ ] **Configure OVHCloud DNS**
- Login to OVHCloud control panel
- Navigate to: Domains → agenticgovernance.digital → DNS Zone
- Add A record:
- Type: A
- Subdomain: @ (root)
- Target: <server_ip>
- TTL: 3600
- Add A record for www:
- Type: A
- Subdomain: www
- Target: <server_ip>
- TTL: 3600
- Add AAAA record (IPv6, if available):
- Type: AAAA
- Subdomain: @
- Target: <server_ipv6>
- **Wait**: DNS propagation (24-48 hours max, usually <2 hours)
- [ ] **Verify DNS Propagation**
- Check A record: `dig agenticgovernance.digital +short`
- Check www: `dig www.agenticgovernance.digital +short`
- Online check: https://dnschecker.org
- **Confirm**: Both @ and www resolve to server IP
### Day 8-9: Application Code Deployment
- [ ] **Create Application Directory**
- Create: `sudo mkdir -p /var/www/tractatus`
- Ownership: `sudo chown tractatus:tractatus /var/www/tractatus`
- Permissions: `sudo chmod 755 /var/www/tractatus`
- [ ] **Clone Repository**
- Navigate: `cd /var/www/tractatus`
- Clone: `git clone https://github.com/your-org/tractatus.git .`
- **If private repo**: Set up deploy key first
- Verify: `ls -la` (should see package.json, src/, public/, etc.)
- [ ] **Install Dependencies**
- Install production: `npm install --production`
- **Wait**: 2-5 minutes for npm install
- Verify: `ls -la node_modules/` (should have packages)
- [ ] **Configure Environment**
- Copy template: `cp .env.example .env.production`
- Edit: `nano .env.production`
- Set variables:
```
NODE_ENV=production
PORT=9000
MONGODB_URI=mongodb://localhost:27017/tractatus_prod
JWT_SECRET=<generated_64_char_secret>
JWT_EXPIRY=7d
CLAUDE_API_KEY=<anthropic_api_key>
CLAUDE_MODEL=claude-sonnet-4-5-20250929
ADMIN_EMAIL=john.stroh.nz@pm.me
```
- Secure permissions: `chmod 600 .env.production`
- **Verify**: `cat .env.production` (secrets present, file readable only by owner)
- [ ] **Build Assets**
- Build Tailwind CSS: `npm run build:css`
- Verify: `ls -lh public/css/tailwind.css` (should be ~24KB)
### Day 10: Database Initialization
- [ ] **Configure MongoDB Authentication**
- Edit config: `sudo nano /etc/mongod.conf`
- Set:
```yaml
security:
authorization: enabled
net:
bindIp: 127.0.0.1
port: 27017
```
- Restart: `sudo systemctl restart mongod`
- Verify: `sudo systemctl status mongod` (should be running)
- [ ] **Create Database & User**
- Connect: `mongosh`
- Create user:
```javascript
use tractatus_prod
db.createUser({
user: 'tractatus',
pwd: '<secure_mongodb_password>',
roles: [{ role: 'readWrite', db: 'tractatus_prod' }]
})
```
- Exit: `exit`
- [ ] **Initialize Database**
- Run migration: `npm run init:db`
- Seed admin user: `npm run seed:admin`
- **Verify**: `mongosh tractatus_prod -u tractatus -p` (should connect)
---
## Week 3: Service Configuration
### Day 11-12: Systemd Service
- [ ] **Create Systemd Service File**
- Create: `sudo nano /etc/systemd/system/tractatus.service`
- Content:
```ini
[Unit]
Description=Tractatus AI Safety Framework
After=network.target mongod.service
[Service]
Type=simple
User=tractatus
WorkingDirectory=/var/www/tractatus
Environment=NODE_ENV=production
EnvironmentFile=/var/www/tractatus/.env.production
ExecStart=/usr/bin/node src/server.js
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
```
- Reload: `sudo systemctl daemon-reload`
- [ ] **Enable & Start Service**
- Enable: `sudo systemctl enable tractatus.service`
- Start: `sudo systemctl start tractatus.service`
- Check status: `sudo systemctl status tractatus.service`
- View logs: `sudo journalctl -u tractatus.service -f`
- **Verify**: Service running, no errors in logs
- [ ] **Test Application**
- Test locally: `curl http://localhost:9000/health`
- **Expected**: `{"status":"healthy","database":"connected"}`
### Day 13-14: Nginx Configuration
- [ ] **Create Nginx Site Config**
- Create: `sudo nano /etc/nginx/sites-available/tractatus`
- Content: (Use configuration from PHASE-2-INFRASTRUCTURE-PLAN.md)
- Enable site: `sudo ln -s /etc/nginx/sites-available/tractatus /etc/nginx/sites-enabled/`
- Remove default: `sudo rm /etc/nginx/sites-enabled/default`
- [ ] **Test Nginx Configuration**
- Test config: `sudo nginx -t`
- **Expected**: "syntax is ok", "test is successful"
- [ ] **Reload Nginx**
- Reload: `sudo systemctl reload nginx`
- Check status: `sudo systemctl status nginx`
- **Verify**: Nginx running, no errors
### Day 15: SSL/TLS Setup
- [ ] **Obtain Let's Encrypt Certificate**
- Run Certbot: `sudo certbot --nginx -d agenticgovernance.digital -d www.agenticgovernance.digital`
- Enter email: john.stroh.nz@pm.me
- Agree to terms: Y
- Share email: N (optional)
- Redirect HTTP to HTTPS: Y (option 2)
- **Wait**: Certificate issuance (30-60 seconds)
- [ ] **Verify SSL Certificate**
- Test HTTPS: `curl https://agenticgovernance.digital/health`
- Browser test: Open https://agenticgovernance.digital
- SSL Labs test: https://www.ssllabs.com/ssltest/ (should be A+)
- [ ] **Test Auto-Renewal**
- Dry run: `sudo certbot renew --dry-run`
- **Expected**: "Congratulations, all renewals succeeded"
- Verify timer: `sudo systemctl list-timers | grep certbot`
---
## Week 4: Monitoring & Testing
### Day 16-17: Logging & Monitoring
- [ ] **Configure Log Rotation**
- Create: `sudo nano /etc/logrotate.d/tractatus`
- Content:
```
/var/log/tractatus/*.log {
daily
rotate 7
compress
delaycompress
missingok
notifempty
create 0640 tractatus tractatus
}
```
- Test: `sudo logrotate -f /etc/logrotate.d/tractatus`
- [ ] **Create Healthcheck Script**
- Create: `sudo nano /usr/local/bin/tractatus-healthcheck.sh`
- Content: (Use script from PHASE-2-INFRASTRUCTURE-PLAN.md)
- Make executable: `sudo chmod +x /usr/local/bin/tractatus-healthcheck.sh`
- Test: `/usr/local/bin/tractatus-healthcheck.sh`
- [ ] **Configure Cron for Monitoring**
- Edit crontab: `sudo crontab -e`
- Add: `*/5 * * * * /usr/local/bin/tractatus-healthcheck.sh`
- Verify: `sudo crontab -l`
### Day 18-19: Backup Configuration
- [ ] **Create Backup Script**
- Create: `nano ~/backup-mongodb.sh`
- Content: (Use script from PHASE-2-INFRASTRUCTURE-PLAN.md)
- Make executable: `chmod +x ~/backup-mongodb.sh`
- Test: `./backup-mongodb.sh`
- Verify: `ls -lh /var/backups/tractatus/mongodb/`
- [ ] **Schedule Daily Backups**
- Edit crontab: `crontab -e`
- Add: `0 2 * * * /home/tractatus/backup-mongodb.sh >> /var/log/tractatus/backup.log 2>&1`
- Verify: `crontab -l`
### Day 20-21: Production Testing
- [ ] **Smoke Tests**
- Homepage: https://agenticgovernance.digital/
- Docs viewer: https://agenticgovernance.digital/docs-viewer.html
- API health: https://agenticgovernance.digital/health
- Admin login: https://agenticgovernance.digital/admin/login.html
- Researcher path: https://agenticgovernance.digital/researcher.html
- Implementer path: https://agenticgovernance.digital/implementer.html
- Advocate path: https://agenticgovernance.digital/advocate.html
- **Verify**: All pages load, no console errors
- [ ] **Performance Testing**
- Lighthouse audit: Run from Chrome DevTools
- Target: Performance >90, Accessibility 100, Best Practices 100, SEO >90
- WebPageTest: https://www.webpagetest.org
- Target: <3s load time (95th percentile)
- [ ] **Security Testing**
- SSL Labs: https://www.ssllabs.com/ssltest/
- Target: A+ rating
- Security Headers: https://securityheaders.com
- Target: A rating
- CSP check: Browser console (no violations)
**Milestone 1 Complete**: ✅ Infrastructure deployed, site live at https://agenticgovernance.digital
---
## Week 5-8: AI Features Implementation
### Week 5: Claude API Integration
- [ ] **API Key Configuration**
- Add to .env.production: `CLAUDE_API_KEY=<key>`
- Restart service: `sudo systemctl restart tractatus.service`
- **Verify**: No errors in logs
- [ ] **Rate Limiting Setup**
- Configure in ClaudeAPI.service.js:
- Requests/minute: 60
- Tokens/day: 500,000
- Monthly budget: $200
- Test limits: (unit test)
- [ ] **Cost Monitoring**
- Create dashboard view: /admin/api-usage
- Show: tokens used today, cost estimate, budget remaining
- Alert threshold: 80% of monthly budget
- **Test**: View dashboard, verify metrics
### Week 6: Blog Curation System
- [ ] **Blog Database Schema**
- Create BlogPost model: src/models/BlogPost.model.js
- Fields: title, slug, content, author, published_at, ai_assisted, etc.
- Indexes: slug (unique), published_at, category
- [ ] **Topic Suggestion Pipeline**
- Implement: src/services/BlogCuration.service.js
- Method: suggestTopics(newsFeeds) → topics[]
- Test: Generate 5-10 topics from mock data
- [ ] **Outline Generation**
- Method: generateOutline(topic) → outline
- Test: Generate outline for approved topic
- [ ] **Blog UI**
- Create: public/blog/index.html (list view)
- Create: public/blog/[slug].html (single post view)
- Create: public/blog/feed.xml (RSS)
- **Test**: View blog list, single post, RSS feed
- [ ] **Seed Content** (3-5 posts)
- Post 1: "Introducing the Tractatus Framework"
- Post 2: "The 27027 Incident: A Case Study"
- Post 3: "Why AI Safety Needs Architecture"
- Post 4: "Boundary Enforcement in Practice"
- Post 5: "Human Oversight: Not Optional"
- **Publish**: All posts live on blog
### Week 7: Media Inquiry Triage
- [ ] **Media Inquiry Form**
- Create: public/contact.html
- Fields: name, email, organization, message, type (press/academic/commercial)
- Validation: Required fields, email format
- [ ] **AI Classification**
- Implement: src/services/MediaTriage.service.js
- Method: classifyInquiry(text) → {category, priority, confidence}
- Test: Classify sample inquiries
- [ ] **Priority Scoring**
- Method: calculatePriority(inquiry) → score (0.0-1.0)
- Factors: reach, relevance, urgency, alignment
- Test: Verify scores for sample inquiries
- [ ] **Draft Response Generation**
- Method: generateDraft(inquiry, category) → draft
- Templates: Press, Academic, Commercial, Community
- Test: Generate drafts for each category
- [ ] **Admin Triage Dashboard**
- View: /admin/media-triage
- Features: List inquiries, view AI analysis, approve/edit/reject drafts
- **Test**: Submit inquiry, review in dashboard
### Week 8: Case Study Portal
- [ ] **Case Study Form**
- Create: public/submit-case-study.html
- Fields: title, summary, date, AI system, source URL, failure mode, description, consent
- Validation: Required fields, URL format, consent checkbox
- [ ] **AI Relevance Analysis**
- Implement: src/services/CaseStudyAnalysis.service.js
- Method: assessRelevance(submission) → {relevant, confidence, reasoning}
- Test: Analyze sample submissions
- [ ] **Tractatus Mapping**
- Method: mapToFramework(submission) → {components[], prevention_strategy}
- Test: Map sample failures to framework components
- [ ] **Moderation Queue**
- View: /admin/case-studies
- Features: List submissions, view AI analysis, approve/reject/request changes
- **Test**: Submit case study, review in queue
- [ ] **Public Case Study Viewer**
- Create: public/case-studies/index.html (list)
- Create: public/case-studies/[slug].html (single)
- **Test**: View published case studies
- [ ] **Seed Case Studies** (3-5 examples)
- Case 1: "The 27027 Incident" (instruction override)
- Case 2: "ChatGPT Medical Hallucination" (boundary violation)
- Case 3: "GitHub Copilot Code Injection" (context pressure)
- Case 4: "Bing Chat Sydney Persona" (metacognitive failure)
- Case 5: "Jasper AI Copyright Violation" (boundary violation)
- **Publish**: All case studies live
**Milestone 2 Complete**: ✅ All AI features operational, human oversight enforced
---
## Week 9-10: Polish & Testing
### Week 9: Governance Audit
- [ ] **Review All AI Prompts**
- Blog topic suggestion prompt: Aligned with TRA-OPS-0002? ___
- Blog outline prompt: Aligned with TRA-OPS-0002? ___
- Media classification prompt: Aligned with TRA-OPS-0003? ___
- Case study analysis prompt: Aligned with TRA-OPS-0004? ___
- **Action**: Update prompts if needed
- [ ] **Test Boundary Enforcement**
- Attempt to auto-publish blog post (should FAIL) ___
- Attempt to auto-send media response (should FAIL) ___
- Attempt to auto-publish case study (should FAIL) ___
- **Verify**: All blocked by BoundaryEnforcer
- [ ] **Audit Trail Verification**
- Check database: All AI decisions logged? ___
- Fields present: input, output, human_decision, reviewer, timestamp? ___
- Retention: 2-year policy documented? ___
### Week 10: End-to-End Testing
- [ ] **User Journey Testing**
- Journey 1: Researcher explores docs, views demos, submits feedback
- Journey 2: Implementer reviews API docs, tests integration, submits case study
- Journey 3: Advocate reads blog, understands principles, shares on social media
- **Verify**: All journeys complete without errors
- [ ] **Mobile Testing**
- Test on iPhone (Safari)
- Test on Android (Chrome)
- Verify: Responsive design, readable text, functional buttons
- **Target**: All pages usable on mobile
- [ ] **Browser Compatibility**
- Test on Chrome (latest)
- Test on Firefox (latest)
- Test on Safari (latest)
- Test on Edge (latest)
- **Verify**: No console errors, all features work
- [ ] **Accessibility Re-Audit**
- Run WAVE: https://wave.webaim.org
- Run Lighthouse: Accessibility score 100
- Manual keyboard navigation: All interactive elements accessible
- Screen reader test: NVDA or VoiceOver
- **Target**: WCAG AA compliant
- [ ] **Load Testing**
- Tool: k6 or Artillery
- Scenario: 100 concurrent users, 5-minute test
- Metrics: Response time <3s, error rate <1%
- **Verify**: System handles load without degradation
---
## Week 11-12: Soft Launch
### Week 11: Launch Preparation
- [ ] **Finalize Soft Launch List**
- Identify 8-12 researchers (names + emails)
- Identify 8-12 implementers (names + emails)
- Identify 4-6 advocates (names + emails)
- **Total**: 20-30 users
- [ ] **Create Feedback Survey**
- Tool: Google Forms or TypeForm
- Questions: (Use template from PHASE-2-EMAIL-TEMPLATES.md)
- Test: Complete survey yourself, verify all questions work
- **Link**: _________________________
- [ ] **Prepare Invitation Emails**
- Personalize Template A (Researcher) for each researcher
- Personalize Template B (Implementer) for each implementer
- Personalize Template C (Advocate) for each advocate
- **Review**: All names correct, specific reasons included
- [ ] **Platform Final Check**
- All blog posts published? ___
- All case studies published? ___
- All demos working? ___
- Feedback form linked? ___
- No broken links? ___
- **Status**: Ready for users
### Week 12: Launch & Feedback
- [ ] **Send Invitations**
- Send all emails (BCC for privacy)
- Track: Spreadsheet with sent date, opened (if tracked), responded
- **Date sent**: _____________
- [ ] **Monitor Platform**
- Daily: Check server logs for errors
- Daily: Review uptime monitoring (target: 99%+)
- Daily: Check feedback form responses
- **Action**: Respond to issues within 24 hours
- [ ] **Respond to Feedback**
- Thank all respondents within 48 hours
- Address critical issues immediately
- Log all feedback themes in spreadsheet
- **Target**: >30% response rate (9+ responses from 30 invitations)
- [ ] **Follow-Up Reminders**
- Week 1: Send reminder (Template E)
- Week 2: Send final reminder (Template G)
- **Track**: Response rate after each reminder
- [ ] **Compile Feedback Report**
- Themes: What users liked, what confused them, what's missing
- Quantitative: Satisfaction scores, recommendation rate
- Action items: Prioritized list of improvements
- **Share**: Email summary to all participants
**Milestone 3 Complete**: ✅ Soft launch complete, feedback collected
---
## Post-Phase 2: Transition to Phase 3
### Evaluation
- [ ] **Review Success Criteria**
- Technical success: Uptime 99%+, performance <3s, zero vulnerabilities ___
- Governance success: 100% human approval, zero violations ___
- User success: 20-50 users, 4+/5 rating, 50+ readers/post ___
- Business success: Costs <$150/month, zero breaches ___
- [ ] **Decision: Proceed to Phase 3?**
- All criteria met? ___
- Critical bugs resolved? ___
- Positive user feedback? ___
- John Stroh approval? ___
- **Decision**: GO / NO-GO / EXTEND
### Knowledge Transfer
- [ ] **Document Lessons Learned**
- What went well? ___
- What didn't go well? ___
- What would we do differently? ___
- **Action**: Create Phase 2 retrospective document
- [ ] **Update Documentation**
- Update CLAUDE.md with Phase 2 completion
- Update README.md if needed
- Archive planning documents
- **Status**: Documentation current
### Handoff (if hiring admin reviewer)
- [ ] **Admin Onboarding**
- Share TRA-OPS-* governance documents
- Train on moderation workflows
- Grant access to admin dashboard
- Shadow for 2 weeks
- **Status**: Admin ready for independent work
---
## Emergency Contacts
**Server Issues**:
- OVHCloud Support: support.ovh.com
- Server IP: ___.___.___.___
- SSH: `ssh tractatus@<server_ip>`
**API Issues**:
- Anthropic Support: support@anthropic.com
- API Dashboard: https://console.anthropic.com
**Domain/DNS Issues**:
- OVHCloud DNS: ovh.com (control panel)
- DNS Checker: https://dnschecker.org
**Security Incidents**:
- Immediate: `sudo systemctl stop tractatus.service` (shut down application)
- Review logs: `sudo journalctl -u tractatus.service -n 1000`
- Contact: John Stroh (john.stroh.nz@pm.me)
---
## Progress Tracking
**Week-by-Week Summary**:
| Week | Focus | Status | Notes |
|------|-------|--------|-------|
| 0 | Pre-Kickoff | ☐ | Administrative setup, accounts |
| 1 | Infrastructure | ☐ | Server provisioning, security |
| 2 | Deployment | ☐ | DNS, app code, database |
| 3 | Services | ☐ | Systemd, Nginx, SSL |
| 4 | Monitoring | ☐ | Logs, backups, testing |
| 5 | Claude API | ☐ | Integration, rate limits |
| 6 | Blog System | ☐ | Curation pipeline, seed content |
| 7 | Media Triage | ☐ | Forms, classification, dashboard |
| 8 | Case Studies | ☐ | Submissions, analysis, moderation |
| 9 | Governance | ☐ | Audit, boundary tests |
| 10 | Testing | ☐ | E2E, mobile, accessibility |
| 11 | Prep Launch | ☐ | User list, survey, emails |
| 12 | Soft Launch | ☐ | Send invitations, collect feedback |
**Completion Percentage**: ___% (update weekly)
---
## Revision History
| Date | Version | Changes |
|------|---------|---------|
| 2025-10-07 | 1.0 | Initial Phase 2 kickoff checklist |
---
**Checklist Owner**: John Stroh
**Last Updated**: 2025-10-07
**Next Review**: Weekly during Phase 2 execution

604
docs/PHASE-2-PREPARATION-ADVISORY.md Normal file
View file

@ -0,0 +1,604 @@
# Phase 2 Preparation Advisory
**Project**: Tractatus AI Safety Framework
**Domain**: agenticgovernance.digital
**Objective**: World-Class UI/UX
**Status**: Pre-Deployment Recommendations
**Prepared**: 2025-10-07
---
## Table of Contents
1. [UI/UX Excellence Preparation](#uiux-excellence-preparation)
2. [Design System Documentation](#design-system-documentation)
3. [Performance Optimization](#performance-optimization)
4. [Accessibility Excellence](#accessibility-excellence)
5. [Domain Migration Checklist](#domain-migration-checklist)
6. [Security & Privacy](#security--privacy)
7. [Content Readiness](#content-readiness)
8. [Monitoring & Analytics](#monitoring--analytics)
9. [User Testing Protocol](#user-testing-protocol)
10. [Final Pre-Deployment Checklist](#final-pre-deployment-checklist)
---
## UI/UX Excellence Preparation
### World-Class UI/UX Standards
**Benchmark Sites**: Stripe Docs, Tailwind CSS Docs, Anthropic Claude Docs, Linear App
**Core Principles**:
1. **Clarity over cleverness**: Users understand immediately what the framework does
2. **Speed**: Perceived performance matters more than measured performance
3. **Consistency**: Every interaction follows predictable patterns
4. **Accessibility**: WCAG AAA aspirational (AA minimum achieved)
5. **Delight**: Subtle animations, thoughtful micro-interactions
6. **Trust**: Professional, credible, transparent design
### Recommended Actions
**Before Deployment**:
- [ ] Create comprehensive design system document (colors, typography, spacing, components)
- [ ] Document component patterns (buttons, cards, modals, forms)
- [ ] Define animation/transition standards (durations, easing functions)
- [ ] Create UI component library reference page
- [ ] Design mobile-first responsive breakpoints (documented)
**During Soft Launch**:
- [ ] Conduct user testing sessions (5-10 users from each audience)
- [ ] Track Core Web Vitals (LCP, FID, CLS)
- [ ] Gather qualitative feedback (usability, clarity, trust)
- [ ] A/B test key flows (researcher path vs. implementer path)
---
## Design System Documentation
### Create: `/docs/DESIGN-SYSTEM.md`
**Content to Document**:
#### Color Palette
```css
/* Primary Colors */
--blue-600: #2563eb; /* Primary CTA */
--blue-700: #1d4ed8; /* Hover states */
--purple-700: #7c3aed; /* Accents */
/* Semantic Colors */
--success: #10b981; /* Approvals, success states */
--warning: #f59e0b; /* Warnings, pending states */
--error: #ef4444; /* Errors, rejections */
--info: #3b82f6; /* Information, tips */
/* Neutrals */
--gray-50 through --gray-900 (full Tailwind scale)
```
#### Typography Scale
```css
/* Headings */
h1: 2.5rem (40px), font-bold, line-height 1.2
h2: 2rem (32px), font-bold, line-height 1.3
h3: 1.5rem (24px), font-semibold, line-height 1.4
h4: 1.25rem (20px), font-semibold, line-height 1.5
/* Body */
body: 1rem (16px), font-normal, line-height 1.6
small: 0.875rem (14px), font-normal, line-height 1.5
```
#### Spacing System
```
4px, 8px, 12px, 16px, 24px, 32px, 48px, 64px, 96px
(Tailwind's 1, 2, 3, 4, 6, 8, 12, 16, 24 scale)
```
#### Component Patterns
- **Buttons**: Primary, Secondary, Outline, Ghost, sizes (sm, md, lg)
- **Cards**: Default, Hover, Interactive, Stat cards
- **Forms**: Input, Textarea, Select, Checkbox, Radio
- **Modals**: Center, Slide-over, Confirmation dialogs
- **Notifications**: Toast, Banner, Inline alerts
#### Animation Standards
```css
/* Transitions */
--transition-fast: 150ms ease-in-out;
--transition-base: 200ms ease-in-out;
--transition-slow: 300ms ease-in-out;
/* Easing */
--ease-in-out: cubic-bezier(0.4, 0, 0.2, 1);
--ease-out: cubic-bezier(0, 0, 0.2, 1);
```
**Action**: Create this document before Week 5 (AI features). Use it to guide all UI implementation.
---
## Performance Optimization
### Target Metrics (World-Class Standards)
| Metric | Target | Current | Status |
|--------|--------|---------|--------|
| **Largest Contentful Paint (LCP)** | <2.5s | ~1.8s | Good |
| **First Input Delay (FID)** | <100ms | ~50ms | Good |
| **Cumulative Layout Shift (CLS)** | <0.1 | ~0.05 | Good |
| **Time to First Byte (TTFB)** | <600ms | TBD | 🔄 Test |
| **Total Page Size** | <1MB | ~400KB | Good |
| **JavaScript Bundle Size** | <200KB | ~180KB | Good |
### Optimization Checklist
**Pre-Deployment**:
- [ ] Enable Brotli compression on Nginx
- [ ] Configure HTTP/2 (automatic with Nginx + SSL)
- [ ] Set aggressive caching headers for static assets (1 year)
- [ ] Minify CSS and JavaScript (production build)
- [ ] Optimize images (WebP format, lazy loading)
- [ ] Preload critical assets (fonts, hero images)
- [ ] Implement service worker for offline support (Phase 3)
**Server-Side Optimizations**:
- [ ] Enable MongoDB query caching
- [ ] Implement Redis for session storage (Phase 3)
- [ ] Use CDN for static assets (Cloudflare bot protection only, or skip CDN entirely)
- [ ] Configure connection pooling for MongoDB
- [ ] Enable Nginx gzip/Brotli compression
**Frontend Optimizations**:
- [ ] Code splitting for demos (load on demand)
- [ ] Lazy load images below fold
- [ ] Defer non-critical JavaScript
- [ ] Inline critical CSS (above-the-fold)
- [ ] Use font-display: swap for web fonts
**Monitoring**:
- [ ] Set up Lighthouse CI in GitHub Actions
- [ ] Configure Core Web Vitals monitoring (Google Analytics or Plausible)
- [ ] Weekly performance audits during soft launch
---
## Accessibility Excellence
### WCAG AAA Aspirational Checklist
**Level AA (Achieved)**:
- ✅ Semantic HTML (`<header>`, `<main>`, `<footer>`, `<nav>`)
- ✅ ARIA landmarks and labels
- ✅ Keyboard navigation (skip links, focus management)
- ✅ Color contrast 4.5:1 (text), 3:1 (UI components)
- ✅ Responsive design (mobile, tablet, desktop)
- ✅ Alt text for images
- ✅ Form labels and error messages
**Level AAA (Aspirational)**:
- [ ] Color contrast 7:1 (enhanced)
- [ ] Sign language interpretation for video content (Phase 3)
- [ ] Extended audio descriptions (if video content added)
- [ ] No time limits on interactions (already achieved)
- [ ] No flashing content (already achieved)
### Accessibility Testing Tools
**Automated Testing**:
- [ ] Install axe DevTools (browser extension)
- [ ] Run Lighthouse accessibility audit (CI/CD)
- [ ] Use WAVE tool (WebAIM) for manual checks
- [ ] Configure Pa11y for automated testing
**Manual Testing**:
- [ ] Keyboard-only navigation test (no mouse)
- [ ] Screen reader testing (NVDA on Windows, VoiceOver on macOS)
- [ ] High contrast mode testing
- [ ] Zoom to 200% (text readability)
- [ ] Color blindness simulation (Chrome DevTools)
**Action**: Run full accessibility audit in Week 9 (pre-soft launch).
---
## Domain Migration Checklist
### Update All References: `mysy.digital``agenticgovernance.digital`
**Files to Check**:
- [ ] `package.json` (homepage field)
- [ ] `README.md` (all domain references)
- [ ] `CLAUDE.md` (project instructions)
- [ ] `src/config/app.config.js` (domain configuration)
- [ ] `.env.example` (domain variables)
- [ ] All documentation in `/docs/` (ROADMAP, COST-ESTIMATES, INFRASTRUCTURE, etc.)
- [ ] Email templates (PHASE-2-EMAIL-TEMPLATES.md)
- [ ] Presentation (PHASE-2-PRESENTATION.md)
- [ ] Kickoff checklist (PHASE-2-KICKOFF-CHECKLIST.md)
- [ ] HTML files (footer links, meta tags, canonical URLs)
**DNS Configuration** (OVHCloud Preferred):
- [ ] Configure A record: `agenticgovernance.digital` → VPS IP
- [ ] Configure A record: `www.agenticgovernance.digital` → VPS IP
- [ ] Configure AAAA record (IPv6 if available)
- [ ] Set TTL to 300 seconds (5 minutes) for initial testing
- [ ] After stability, increase TTL to 3600 seconds (1 hour)
**Cloudflare Configuration** (Bot Protection Only):
- [ ] Add domain to Cloudflare (free plan)
- [ ] Enable Bot Fight Mode (free)
- [ ] **Disable** Cloudflare CDN/proxy (DNS only mode)
- [ ] **Disable** Auto Minify (we handle this server-side)
- [ ] **Disable** Rocket Loader (causes CSP issues)
- [ ] Enable DNSSEC (security)
**SSL/TLS**:
- [ ] Obtain Let's Encrypt certificate for agenticgovernance.digital
- [ ] Configure auto-renewal (certbot)
- [ ] Test certificate validity (SSLLabs.com)
**Action**: Complete domain migration in Week 1 (immediately after VPS provisioning).
---
## Security & Privacy
### Pre-Deployment Security Audit
**Server Hardening**:
- [ ] SSH key-only authentication (disable password login)
- [ ] Change default SSH port (optional, reduces noise)
- [ ] Configure UFW firewall (allow 22, 80, 443 only)
- [ ] Install and configure Fail2ban (SSH, Nginx)
- [ ] Enable automatic security updates (unattended-upgrades)
- [ ] Disable root login via SSH
- [ ] Set up non-root user with sudo access
**Application Security**:
- [ ] Generate strong JWT secret (32+ characters, random)
- [ ] Set secure session configuration (httpOnly, secure, sameSite)
- [ ] Implement rate limiting (express-rate-limit)
- [ ] Configure CORS properly (whitelist domains)
- [ ] Set security headers (Helmet.js)
- Content-Security-Policy
- X-Frame-Options: DENY
- X-Content-Type-Options: nosniff
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy (restrict camera, microphone, etc.)
**MongoDB Security**:
- [ ] Enable authentication (create admin user, app user)
- [ ] Bind to localhost only (no external access)
- [ ] Use strong passwords (32+ characters)
- [ ] Enable encryption at rest (Phase 3)
- [ ] Regular backups (daily, retained 7 days)
**Dependency Security**:
- [ ] Run `npm audit` before deployment
- [ ] Fix all critical and high vulnerabilities
- [ ] Set up GitHub Dependabot (automated dependency updates)
- [ ] Configure Snyk or Sonar (optional, code quality scanning)
**Privacy**:
- [ ] No tracking cookies (session only)
- [ ] Privacy-respecting analytics (Plausible or self-hosted)
- [ ] No third-party scripts (except Cloudflare bot protection)
- [ ] GDPR compliance (data minimization, user rights)
- [ ] Create `/privacy` page (data handling transparency)
- [ ] Create `/terms` page (terms of service)
**Action**: Complete security audit in Week 3 (before soft launch invitations).
---
## Content Readiness
### Pre-Launch Content Checklist
**Essential Pages** (Must be live before soft launch):
- [ ] `/` (Homepage with clear value proposition)
- [ ] `/researcher` (Audience path with technical depth)
- [ ] `/implementer` (Code examples, API reference)
- [ ] `/advocate` (Plain language, policy implications)
- [ ] `/about` (Mission, values, Te Tiriti acknowledgment)
- [ ] `/docs` (Framework documentation viewer)
- [ ] `/blog` (At least 3-5 initial posts)
- [ ] `/api-reference` (Complete API documentation)
- [ ] `/contact` (Media inquiry form, email)
- [ ] `/privacy` (Privacy policy)
- [ ] `/terms` (Terms of service)
**Blog Content** (Seed 3-5 Posts Before Soft Launch):
1. **Introductory Post**: "Introducing the Tractatus Framework: AI Safety Through Sovereignty"
- Core principle explanation
- Why architectural constraints > behavioral alignment
- Link to technical documentation
2. **Case Study**: "The 27027 Incident: When AI Contradicts Explicit Instructions"
- Real-world example
- How Tractatus prevents this
- Interactive demo link
3. **Technical Deep Dive**: "Implementing Cross-Reference Validation in Production"
- Code examples
- Integration patterns
- Link to API reference
4. **Policy Analysis**: "AI Safety Regulation: Alignment vs. Boundaries"
- Policy implications
- Regulatory fit (EU AI Act, etc.)
- Advocacy perspective
5. **Behind the Scenes**: "Dogfooding Tractatus: How This Website Governs Its Own AI"
- Transparency post
- TRA-OPS-* policies in practice
- Human oversight examples
**Action**: Draft 3-5 blog posts in Weeks 7-8 (before soft launch). Human writes all drafts.
---
## Monitoring & Analytics
### Privacy-Respecting Analytics Setup
**Recommended Tool**: Plausible Analytics (GDPR-compliant, no cookies)
**Alternative**: Self-hosted Matomo or Umami
**Metrics to Track**:
- **Traffic**: Pageviews, unique visitors, bounce rate
- **Engagement**: Time on page, scroll depth, demo interactions
- **Audience**: Researcher vs. Implementer vs. Advocate path split
- **Geography**: Country distribution (no personal data)
- **Referrers**: How users found the site (direct, search, social)
**Goals to Track**:
- Demo interactions (classification, 27027, boundary)
- Document downloads (PDFs)
- Blog post reads (time on page >2 minutes)
- Media inquiry submissions
- Case study submissions
**Setup**:
- [ ] Create Plausible account (or self-host)
- [ ] Add tracking script to all pages
- [ ] Configure goals (demo clicks, downloads)
- [ ] Create dashboard for soft launch monitoring
- [ ] Share dashboard link with stakeholders (transparency)
**Error Monitoring**: Sentry (free tier)
- [ ] Create Sentry account
- [ ] Integrate Sentry SDK (Express error handler)
- [ ] Configure error alerts (email, Slack)
- [ ] Set up performance monitoring (transaction traces)
**Uptime Monitoring**:
- [ ] UptimeRobot (free, 5-minute intervals)
- [ ] Pingdom or StatusCake (alternatives)
- [ ] Configure alerts (email, SMS if critical)
**Action**: Set up monitoring in Week 4 (before AI features).
---
## User Testing Protocol
### Soft Launch User Testing Plan
**Cohort**: 20-50 users (Researchers, Implementers, Advocates)
**Testing Method**: Moderated + Unmoderated
#### Moderated Testing (5-10 Users)
**Format**: 30-minute video call (Zoom, Jitsi)
**Script**:
1. Introduction (5 min): Explain Tractatus at high level
2. Task-based testing (15 min):
- "Find and explain the core principle of the framework"
- "Try the 27027 incident demo and describe what happened"
- "Locate the API documentation for CrossReferenceValidator"
3. Open exploration (5 min): "Explore anything that interests you"
4. Q&A (5 min): "What was confusing? What was most valuable?"
**Recording**: Ask permission, record for analysis
**Notes**: Observer takes notes on friction points, confusion, delight
#### Unmoderated Testing (15-40 Users)
**Format**: Send structured feedback survey (Google Form or TypeForm)
**Questions** (from PHASE-2-EMAIL-TEMPLATES.md):
1. How clear is the framework's core principle? (1-5 scale)
2. What was confusing or unclear? (Open text)
3. What was most interesting or valuable? (Open text)
4. Which sections did you explore? (Checkboxes)
5. How useful are the interactive demos? (1-5 scale)
6. Would you recommend Tractatus to others? (Yes/Maybe/No)
7. Any other feedback? (Open text)
**Metrics**:
- Average clarity rating (target: 4+/5)
- Recommendation rate (target: 70%+ "Yes")
- Confusion themes (qualitative analysis)
**Action**: Conduct testing in Weeks 10-11 (during soft launch).
---
## Final Pre-Deployment Checklist
### Week 0 (Before Kickoff)
**Administrative**:
- [ ] OVHCloud account created and payment method added
- [ ] Domain registered: agenticgovernance.digital ✅
- [ ] Anthropic Claude API account created (production key)
- [ ] ProtonMail account: admin@agenticgovernance.digital
- [ ] GitHub repository updated with correct domain
- [ ] All governance documents signed off (TRA-OPS-0001 through 0005) ✅
**Development Environment**:
- [ ] Git repository clean (no uncommitted changes)
- [ ] All tests passing (118/118) ✅
- [ ] Production build tested locally (`NODE_ENV=production npm start`)
- [ ] Environment variables documented (.env.example)
- [ ] Secrets generated (JWT_SECRET, MONGODB_PASSWORD)
**Documentation**:
- [ ] All domain references updated (mysy.digital → agenticgovernance.digital)
- [ ] README.md updated with deployment instructions
- [ ] CHANGELOG.md created (version 1.0.0 - Initial Release)
- [ ] API documentation complete ✅
- [ ] Design system documented (create DESIGN-SYSTEM.md)
**Content**:
- [ ] 3-5 blog posts drafted (human-written)
- [ ] About/values page finalized
- [ ] Privacy policy and terms of service drafted
- [ ] Media inquiry response templates ready
- [ ] Case study moderation guidelines reviewed ✅
**Security**:
- [ ] JWT secrets generated (store securely, not in Git)
- [ ] MongoDB passwords generated (32+ characters)
- [ ] SSH keys generated for VPS access
- [ ] Fail2ban configuration prepared
- [ ] Security headers configured (Helmet.js)
**Monitoring**:
- [ ] Plausible Analytics account created (or self-hosted)
- [ ] Sentry account created (error monitoring)
- [ ] UptimeRobot configured (uptime monitoring)
- [ ] GitHub Actions configured (CI/CD)
---
## Recommended Immediate Actions
### Priority 1 (This Week)
1. **Update Domain References**:
- Search and replace `mysy.digital``agenticgovernance.digital` across all files
- Update environment variables
- Update README and documentation
2. **Create Design System Document**:
- Document colors, typography, spacing, components
- Use as reference for all UI implementation
- Ensure consistency across pages
3. **Draft Initial Blog Posts**:
- Write 3-5 posts (human-written, no AI drafting yet)
- Focus on: Introduction, 27027 case study, technical deep dive
- Have ready for publication in Week 7-8
4. **Security Preparation**:
- Generate all secrets (JWT, MongoDB passwords)
- Store in password manager (not in Git)
- Prepare SSH keys for VPS access
5. **Finalize Governance**:
- Review and sign off on all TRA-OPS-* policies ✅
- Ensure human oversight workflows are clear
- Prepare admin dashboard for moderation
### Priority 2 (Weeks 1-2)
1. **Provision Infrastructure**:
- OVHCloud VPS Essential (Singapore/Australia)
- Configure DNS (OVHCloud, Cloudflare bot protection only)
- Deploy application and database
- Set up SSL/TLS (Let's Encrypt)
2. **Security Hardening**:
- SSH hardening, UFW, Fail2ban
- MongoDB authentication
- Nginx security headers
- Run security audit
3. **Monitoring Setup**:
- Plausible Analytics
- Sentry error tracking
- UptimeRobot uptime monitoring
### Priority 3 (Weeks 3-8)
1. **AI Features Implementation**:
- Integrate Claude API
- Build blog curation pipeline
- Implement media triage system
- Launch case study portal
2. **Content Population**:
- Publish 3-5 initial blog posts
- Seed 3-5 case studies
- Populate resource directory
3. **Testing & Optimization**:
- Performance audit (Lighthouse)
- Accessibility audit (axe, WAVE)
- User testing (moderated + unmoderated)
---
## Success Metrics for World-Class UI/UX
| Metric | Target | How to Measure |
|--------|--------|----------------|
| **User Satisfaction** | 4.5+/5 | Soft launch survey |
| **Task Completion Rate** | 90%+ | Moderated user testing |
| **Time to Value** | <2 min | Time to first "aha" moment (demo interaction) |
| **Bounce Rate** | <40% | Plausible Analytics |
| **Page Load Speed** | <2.5s LCP | Lighthouse, Core Web Vitals |
| **Accessibility Score** | 100/100 | Lighthouse accessibility audit |
| **Mobile Usability** | 95%+ | Google Mobile-Friendly Test |
| **Recommendation Rate** | 80%+ | "Would you recommend?" survey |
---
## Risks & Mitigations
| Risk | Probability | Impact | Mitigation |
|------|-------------|--------|------------|
| **Domain migration issues** | Low | High | Test DNS configuration before soft launch |
| **Performance degradation** | Medium | High | Weekly Lighthouse audits, performance budget |
| **Accessibility gaps** | Low | Medium | Use automated tools + manual testing |
| **Security vulnerabilities** | Medium | Critical | Security audit Week 3, npm audit, Fail2ban |
| **User confusion (unclear UX)** | Medium | High | User testing, iterate based on feedback |
| **Content not ready** | Medium | Medium | Start drafting blog posts now (Weeks 7-8) |
---
## Conclusion
**Phase 2 is ready to launch** with comprehensive planning, governance, and infrastructure preparation.
**To achieve world-class UI/UX**:
1. **Design System**: Create comprehensive documentation before Week 5
2. **Performance**: Monitor Core Web Vitals weekly, maintain <2.5s LCP
3. **Accessibility**: Maintain WCAG AA, aspire to AAA
4. **User Testing**: Conduct moderated + unmoderated testing during soft launch
5. **Iteration**: Use feedback to continuously improve
**Immediate next steps**:
1. Update all domain references (mysy.digital → agenticgovernance.digital)
2. Create DESIGN-SYSTEM.md document
3. Draft 3-5 initial blog posts (human-written)
4. Generate secrets (JWT, MongoDB passwords)
5. Review and approve this advisory document
6. Commit all Phase 2 materials
7. Begin Week 1 infrastructure deployment
**Ready to proceed?** All planning is complete. Awaiting your approval to begin deployment.
---
**Document Owner**: Claude Code (Anthropic Sonnet 4.5)
**Prepared for**: John Stroh
**Date**: 2025-10-07
**Status**: ADVISORY - Awaiting Approval
**Next Review**: After soft launch (Week 12)

533
docs/PHASE-2-PRESENTATION.md Normal file
View file

@ -0,0 +1,533 @@
# Phase 2: Production Deployment & AI Features
## Tractatus AI Safety Framework
**Presented by**: Claude Code (Anthropic Sonnet 4.5)
**Prepared for**: John Stroh
**Date**: 2025-10-07
**Status**: APPROVED - Ready to Begin
---
## Slide 1: Executive Summary
### Phase 2 Overview
**Goal**: Transform local prototype → production platform with AI-powered features
**Timeline**: 2-3 months (starting NOW)
**Budget**:
- Total Phase 2: **$550 USD** (~$900 NZD)
- Ongoing: **$100-150/month** (~$165-250 NZD)
**Domain**: **agenticgovernance.digital** ✅ Registered
**Status**: All approvals granted, ready to deploy
---
## Slide 2: What We Built (Phase 1 Recap)
### Phase 1 Achievements ✅
**Infrastructure**:
- MongoDB database (tractatus_dev)
- Express application (port 9000)
- 118 integration tests (100% passing)
**Features**:
- Three audience paths (Researcher, Implementer, Advocate)
- Interactive demos (27027 incident, classification, boundary)
- Document viewer with 12+ technical papers
- Admin dashboard with moderation workflows
- API reference documentation
**Quality**:
- WCAG AA accessibility
- CSP compliance (script-src 'self')
- 85.3%+ test coverage on Tractatus services
- Mobile responsive
---
## Slide 3: What We're Building (Phase 2)
### Production Platform + AI Features
**Month 1: Infrastructure** (Weeks 1-4)
- Deploy to OVHCloud VPS (agenticgovernance.digital)
- SSL/TLS, security hardening, monitoring
- Nginx reverse proxy, automated backups
**Month 2: AI-Powered Features** (Weeks 5-8)
- Blog curation system (AI-assisted, human-approved)
- Media inquiry triage (classification + auto-drafts)
- Case study portal (community submissions)
**Month 3: Polish & Soft Launch** (Weeks 9-12)
- Governance enforcement audit
- End-to-end testing
- Soft launch to 20-50 users
- Feedback collection & iteration
---
## Slide 4: The Dogfooding Principle
### Tractatus Governs Itself
**Core Principle**: *"What cannot be systematized must not be automated."*
**Implementation**:
| AI Operation | Quadrant | Human Oversight |
|--------------|----------|-----------------|
| Blog topic suggestion | STOCHASTIC | Human selects topics |
| Blog outline generation | OPERATIONAL | Human reviews structure |
| **Blog publication decision** | **STRATEGIC** | **Human approves** |
| Media inquiry classification | OPERATIONAL | Human verifies |
| **Media response sending** | **STRATEGIC** | **Human approves** |
| Case study relevance analysis | OPERATIONAL | Human reviews |
| **Case study publication** | **STRATEGIC** | **Human approves** |
**Zero Tolerance**: AI cannot make values decisions without human approval
---
## Slide 5: Governance Framework (TRA-OPS-*)
### 5 Operational Policies Created
**TRA-OPS-0001**: AI Content Generation Policy (Master)
- Mandatory human approval for all public content
- Boundary enforcement (values require humans)
- $200/month API budget cap
**TRA-OPS-0002**: Blog Editorial Guidelines
- 4 content categories, citation standards
- AI assists; humans write & approve
**TRA-OPS-0003**: Media Inquiry Response Protocol
- AI classification + priority scoring
- No auto-send; all responses human-approved
**TRA-OPS-0004**: Case Study Moderation Standards
- Community submissions, AI relevance analysis
- Quality checklist, human publication decision
**TRA-OPS-0005**: Human Oversight Requirements
- Admin reviewer role & training
- SLAs: 4h (HIGH media), 48h (blog), 7d (case studies)
---
## Slide 6: Budget Breakdown
### Where the Money Goes
**One-Time Costs** (~$100):
- Domain (already paid)
- SSL certificates (Let's Encrypt - free)
- Initial security audit tools
**Monthly Recurring** (~$100-150):
- **Hosting** (OVHCloud VPS Essential): **$30**
- 2 vCores, 4GB RAM, 80GB SSD
- 1,000-5,000 visitors/month capacity
- **Claude API** (Sonnet 4.5): **$50**
- 30 blog outlines/month
- 50 media inquiries/month
- 20 case study analyses/month
- **Backups & Monitoring**: **$10-20**
- Off-site backups
- Uptime monitoring
- Error tracking (Sentry free tier)
**Total 3-Month Phase 2**: $550 USD (~$900 NZD)
---
## Slide 7: Infrastructure Architecture
### Production Stack
```
┌─────────────────┐
│ Internet │
└────────┬────────┘
┌────▼────┐
│ OVHCloud│ agenticgovernance.digital
│ DNS │ (No Cloudflare - sovereignty)
└────┬────┘
┌────▼────┐
│ Nginx │ SSL/TLS (Let's Encrypt)
│ :80/443 │ Reverse Proxy + Security Headers
└────┬────┘
┌────▼────┐
│ Node.js │ Tractatus Application
│ :9000 │ Express 4.x
└────┬────┘
┌────▼────┐
│ MongoDB │ tractatus_prod
│ :27017 │ 7.x with authentication
└─────────┘
```
**Security**: UFW firewall, Fail2ban, SSH key-only, automated updates
---
## Slide 8: AI Features in Detail
### Blog Curation System
**AI Role**: Suggest topics, generate outlines
**Human Role**: Select topics, write drafts, approve publication
**Workflow**:
1. AI scans AI safety news (weekly)
2. AI suggests 5-10 topics → Human selects 1-3
3. AI generates outline → Human reviews & edits
4. **Human writes full draft** (AI does NOT write)
5. Admin final approval → Publish
**Target**: 2-4 posts/month (8-16 total in Phase 2)
---
### Media Inquiry Triage
**AI Role**: Classify, prioritize, draft responses
**Human Role**: Verify, decide, send
**Categories**:
- **Press** (HIGH priority, 4h SLA)
- **Academic** (MEDIUM, 48h SLA)
- **Commercial** (MEDIUM, 7 days)
- **Community** (LOW, 14 days)
- **Spam** (IGNORE)
**Expected Volume**: 5-20 inquiries/month (soft launch)
---
### Case Study Portal
**AI Role**: Assess relevance, map to Tractatus framework
**Human Role**: Moderate, approve publication
**Submission Categories**:
- Hallucinations
- Boundary violations (AI making values decisions)
- Instruction overrides (27027-type)
- Context failures
- Bias/discrimination
**Target**: 3-5 community submissions/month
---
## Slide 9: Timeline & Milestones
### 12-Week Roadmap
**Weeks 1-4: Infrastructure** ✅ Ready to Execute
- Provision OVHCloud VPS (Singapore/Australia)
- Deploy application, configure SSL
- Security hardening, monitoring setup
- **Milestone**: Site live at https://agenticgovernance.digital
**Weeks 5-8: AI Features** ⏳ Awaiting Claude API key
- Integrate Claude Sonnet 4.5
- Build blog curation pipeline
- Implement media triage system
- Launch case study portal
- **Milestone**: All AI features operational
**Weeks 9-12: Polish & Launch** ⏳ Awaiting user cohort
- End-to-end testing
- Governance compliance audit
- Invite 20-50 soft launch users
- Collect feedback, iterate
- **Milestone**: Soft launch complete
---
## Slide 10: Success Criteria
### How We'll Know Phase 2 Succeeded
**Technical Success**:
- ✅ Site live with 99%+ uptime (30 days)
- ✅ Performance: <3s page load (95th percentile)
- ✅ Security: Zero critical vulnerabilities
- ✅ WCAG AA accessibility maintained
**Governance Success**:
- ✅ 100% human approval rate (no AI auto-publish)
- ✅ Zero boundary violations (values decisions)
- ✅ Audit trail complete (all AI decisions logged)
**User Success**:
- ✅ 20-50 soft launch users engaged
- ✅ 4+/5 average satisfaction rating
- ✅ 50+ readers/blog post average
- ✅ 5+ media inquiries handled
**Business Success**:
- ✅ Costs <$150/month
- ✅ Zero data breaches
- ✅ Positive user feedback
---
## Slide 11: Risks & Mitigation
### What Could Go Wrong?
| Risk | Probability | Impact | Mitigation |
|------|-------------|--------|------------|
| **Claude API costs exceed budget** | Medium | High | Rate limiting, $200 hard cap, alerts at 80% |
| **Security breach** | Low | Critical | Security audit, penetration testing, Fail2ban |
| **AI generates inappropriate content** | Medium | High | Mandatory human approval, no auto-publish |
| **Server downtime** | Medium | Medium | Monitoring, automated backups, <4h recovery |
| **Poor user adoption** | Medium | Medium | Clear onboarding, feedback loops, iteration |
**Overall Risk**: **LOW** - Strong governance, conservative approach
---
## Slide 12: Soft Launch Strategy
### Who Gets Early Access?
**Target Cohort**: 20-50 users across 3 audiences
**Researchers** (8-12 users):
- AI safety academics
- Philosophy/ethics researchers
- Computer science PhD students
**Implementers** (8-12 users):
- AI engineers at aligned companies
- Open-source AI developers
- Technical architects
**Advocates** (4-6 users):
- AI policy professionals
- Digital rights organizations
- Aligned nonprofits (EFF, Access Now)
**Invitation Method**: Personal email, curated list
**Feedback**: Structured survey + ongoing dialogue
---
## Slide 13: Phase 2 → Phase 3 Transition
### When to Proceed to Public Launch
**Exit Criteria**:
- All Phase 2 success metrics met ✅
- Soft launch feedback positive (4+/5) ✅
- Zero critical bugs ✅
- Governance audit complete ✅
- Your approval to proceed ✅
**Phase 3 Preview** (3-6 months):
- Public launch & marketing campaign
- Koha donation system (micropayments)
- Multi-language support
- Community forums
- Academic partnerships
- Bug bounty program
**Not rushing**: Phase 2 soft launch could extend if needed for quality
---
## Slide 14: World-Class UI/UX Focus
### Excellence Standards
**Design Principles**:
- **Clarity over cleverness**: Users understand immediately
- **Accessibility first**: WCAG AA minimum, AAA aspirational
- **Performance**: <3s load, optimized for 3G networks
- **Consistency**: Design system for all components
- **Respect**: No dark patterns, honest communication
**Continuous Improvement**:
- User testing (soft launch feedback)
- Analytics (privacy-respecting, Plausible)
- A/B testing (ethical, transparent)
- Regular UX audits
**Benchmark**: Best-in-class documentation sites (Stripe, Tailwind, Anthropic)
---
## Slide 15: Next Steps (Action Items)
### What Happens Now?
**Immediate** (This Week):
- [ ] Sign TRA-OPS-* governance documents (formal approval)
- [ ] Provision OVHCloud VPS Essential (Singapore preferred)
- [ ] Create Anthropic Claude API account (production key)
- [ ] Set up payment methods (OVHCloud + Anthropic)
- [ ] Generate JWT secrets, MongoDB passwords (secure)
**Week 1-2**:
- [ ] Deploy infrastructure (server setup, SSL, security)
- [ ] Configure DNS (agenticgovernance.digital → server IP)
- [ ] Deploy application code (Git-based workflow)
- [ ] Test production environment (health checks, monitoring)
**Week 3-4**:
- [ ] Integrate Claude API (test endpoints)
- [ ] Build blog curation pipeline
- [ ] Implement media triage system
- [ ] Launch case study portal
**Week 5-12**:
- [ ] Execute Phase 2 roadmap
- [ ] Weekly progress updates
- [ ] Soft launch preparation
---
## Slide 16: Your Role (John Stroh)
### What We Need From You
**Strategic Decisions**:
- Final approval on governance documents (sign-off)
- Soft launch user cohort selection (who to invite)
- Editorial direction (blog topics, tone)
- Phase 3 go/no-go decision
**Operational Tasks**:
- Blog content review & approval (2-4 posts/month)
- Media inquiry responses (HIGH priority, escalations)
- Case study moderation (assist admin if needed)
- Monthly budget review
**Time Commitment**:
- Phase 2 setup: 5-10 hours (one-time)
- Ongoing moderation: 5-10 hours/week
- Strategic reviews: 2 hours/month
**Support Available**:
- Claude Code for technical implementation
- Admin reviewer (if hired) for routine moderation
- Automated systems for monitoring, backups
---
## Slide 17: Why This Matters
### The Bigger Picture
**Problem**: AI safety approaches rely on behavioral alignment
**Limitation**: Alignment breaks down as capabilities scale
**Tractatus Approach**: Architectural constraints (structural safety)
**Advantage**: Safety guarantees independent of capability level
**This Platform**:
- **Demonstrates** the framework in production
- **Educates** researchers, implementers, advocates
- **Catalyzes** adoption (open source, replicable)
- **Influences** policy (proof of concept for regulation)
**Goal**: Make architectural AI safety the industry standard
---
## Slide 18: Questions & Discussion
### Open Issues for Discussion
**Technical**:
- OVHCloud region preference? (Singapore vs. Australia)
- Backup strategy: On-server only or off-site? (Backblaze B2)
- CDN needed? (Cloudflare basic or skip entirely)
**Content**:
- Initial blog topics? (27027 incident, framework intro, etc.)
- Soft launch invitation timing? (End of Month 2 or Month 3?)
- Media outreach? (Proactive or reactive only?)
**Governance**:
- Admin reviewer hiring? (Phase 2 or Phase 3?)
- Editorial board formation? (Phase 3 or later?)
- External audit? (Annual or Phase 3 milestone?)
**Anything else?**
---
## Slide 19: Summary & Approval
### Phase 2 Ready to Launch
**Approved** ✅:
- Budget: $550 (Phase 2), $100-150/month (ongoing)
- Timeline: 2-3 months, starting NOW
- Governance: 5 TRA-OPS-* policies
- Infrastructure: OVHCloud VPS Essential
- AI Strategy: Blog, media, case studies with human oversight
**Deliverables**:
- Production site at agenticgovernance.digital
- Blog curation system (2-4 posts/month)
- Media inquiry triage (5-20 inquiries/month)
- Case study portal (3-5 submissions/month)
- Soft launch to 20-50 users
**Next Action**: Begin Week 1 infrastructure deployment
---
## Slide 20: Appendix - Resources
### Key Documents
**Planning**:
- PHASE-2-ROADMAP.md (comprehensive 3-month plan)
- PHASE-2-COST-ESTIMATES.md (budget breakdown)
- PHASE-2-INFRASTRUCTURE-PLAN.md (technical specs, deployment)
**Governance**:
- TRA-OPS-0001: AI Content Generation Policy
- TRA-OPS-0002: Blog Editorial Guidelines
- TRA-OPS-0003: Media Inquiry Response Protocol
- TRA-OPS-0004: Case Study Moderation Standards
- TRA-OPS-0005: Human Oversight Requirements
**Technical**:
- API Reference: /docs/api-reference.html
- Tractatus Framework Spec: /docs/technical-proposal.md
**Location**: `/home/theflow/projects/tractatus/docs/` and `governance/`
---
## Thank You
**Questions?**
**Ready to deploy?** → Let's build world-class AI safety infrastructure.
---
**Presentation prepared by**: Claude Code (Anthropic Sonnet 4.5)
**Date**: 2025-10-07
**Status**: APPROVED - Phase 2 begins NOW
**Domain**: agenticgovernance.digital ✅

10
docs/PHASE-2-ROADMAP.md
View file

@ -72,7 +72,7 @@ Phase 2 transitions the Tractatus Framework from a **local prototype** (Phase 1)
## Phase 2 Objectives
### Primary Goals
1. **Deploy to production** on OVHCloud with domain `mysy.digital`
1. **Deploy to production** on OVHCloud with domain `agenticgovernance.digital`
2. **Integrate Claude API** for AI-powered content features
3. **Implement human oversight workflows** via Tractatus framework
4. **Launch blog curation system** with moderation queue
@ -95,7 +95,7 @@ Phase 2 transitions the Tractatus Framework from a **local prototype** (Phase 1)
**Week 1: Environment Setup**
- [ ] Provision OVHCloud VPS (specs TBD)
- [ ] Configure DNS for `mysy.digital` → production IP
- [ ] Configure DNS for `agenticgovernance.digital` → production IP
- [ ] SSL/TLS certificates (Let's Encrypt)
- [ ] Firewall rules (UFW) and SSH hardening
- [ ] Create production MongoDB instance
@ -125,7 +125,7 @@ Phase 2 transitions the Tractatus Framework from a **local prototype** (Phase 1)
- [ ] Load testing (k6 or Artillery)
- [ ] Disaster recovery drill (restore from backup)
**Milestone 1**: Production environment live, accessible at `https://mysy.digital` ✅
**Milestone 1**: Production environment live, accessible at `https://agenticgovernance.digital` ✅
---
@ -260,7 +260,7 @@ Phase 2 transitions the Tractatus Framework from a **local prototype** (Phase 1)
- Regular security audits
**Deliverables**:
- Production server accessible at `https://mysy.digital`
- Production server accessible at `https://agenticgovernance.digital`
- SSL/TLS A+ rating (SSL Labs)
- Automated backup system operational
- Monitoring dashboards configured
@ -451,7 +451,7 @@ Phase 2 transitions the Tractatus Framework from a **local prototype** (Phase 1)
Phase 2 is considered **complete** when:
### Technical Success
- [ ] Production site live at `https://mysy.digital` with SSL/TLS
- [ ] Production site live at `https://agenticgovernance.digital` with SSL/TLS
- [ ] All Phase 1 features operational in production
- [ ] Blog system publishing AI-curated content (with human approval)
- [ ] Media inquiry triage system processing requests

2
docs/markdown/introduction.md
View file

@ -224,7 +224,7 @@ Open source under [LICENSE TO BE DETERMINED]
- **Email**: john.stroh.nz@pm.me
- **GitHub**: [Repository Link]
- **Website**: mysy.digital
- **Website**: agenticgovernance.digital
---

2
governance/TRA-OPS-0002-blog-editorial-guidelines-v1-0.md
View file

@ -18,7 +18,7 @@ This document establishes editorial guidelines for the Tractatus Framework blog,
## Scope
Applies to all blog content published on `mysy.digital/blog`, including:
Applies to all blog content published on `agenticgovernance.digital/blog`, including:
- Technical articles
- Framework updates
- Case study analyses

16
governance/TRA-OPS-0003-media-inquiry-response-protocol-v1-0.md
View file

@ -20,7 +20,7 @@ This document establishes the protocol for handling media inquiries (press, acad
Applies to all incoming inquiries received via:
- Contact form (`/contact`)
- Email (`contact@mysy.digital` → `john.stroh.nz@pm.me`)
- Email (`contact@agenticgovernance.digital` → `john.stroh.nz@pm.me`)
- Social media (future)
- Conference/event requests
@ -79,7 +79,7 @@ Inquiry Text (anonymized):
[REDACTED_TEXT]
Context:
- Website: mysy.digital (AI safety framework)
- Website: agenticgovernance.digital (AI safety framework)
- Audience: Researchers, implementers, advocates
- Mission: Advance AI safety through architectural constraints
@ -219,7 +219,7 @@ Output: Plain text email (no HTML)
**Approval**:
- Admin reviewer clicks "Approve & Send"
- System logs approval (who, when, what changed from AI draft)
- Email sent from `contact@mysy.digital` (ProtonBridge)
- Email sent from `contact@agenticgovernance.digital` (ProtonBridge)
**Follow-up**:
- Set reminder for follow-up (if no response in 7 days)
@ -246,7 +246,7 @@ Key points for your article:
- [Key Point 2 from AI analysis]
- [Key Point 3 from AI analysis]
I'm available for an interview on [Availability]. You can also explore our interactive demonstrations at https://mysy.digital/demos.
I'm available for an interview on [Availability]. You can also explore our interactive demonstrations at https://agenticgovernance.digital/demos.
Best regards,
The Tractatus Team
@ -270,7 +270,7 @@ We're actively seeking academic partnerships to validate and extend the framewor
- Context pressure monitoring for degraded AI operation detection
For your [Conference/Paper], we can provide:
- Technical documentation: https://mysy.digital/docs
- Technical documentation: https://agenticgovernance.digital/docs
- Code examples: https://github.com/tractatus (future)
- Consultation: [Contact Information]
@ -299,8 +299,8 @@ For early adopters, we offer:
- Co-development partnerships (aligned organizations)
To get started:
1. Review the implementation guide: https://mysy.digital/implementer
2. Explore the API reference: https://mysy.digital/api
1. Review the implementation guide: https://agenticgovernance.digital/implementer
2. Explore the API reference: https://agenticgovernance.digital/api
3. Schedule a technical discussion: [Calendar Link]
Best regards,
@ -416,7 +416,7 @@ The Tractatus Team
| **Sent Response** | Indefinite | Legal/historical |
| **Spam Inquiries** | 90 days | Reduce false positives |
**GDPR Compliance**: Inquiry senders can request deletion (email contact@mysy.digital).
**GDPR Compliance**: Inquiry senders can request deletion (email contact@agenticgovernance.digital).
---